Logfile of HijackThis v1.99.1
Scan saved at 22:45:44, on 16/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\rob\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.homelearningcollege.com/Home … llege.aspx
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM…\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM…\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM…\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM…\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM…\Run: [rtasks] C:\Program Files\MenaceRescue\rtasks.exe
O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU…\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU…\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
And ComboFix immediately detected some virus while scanning, too. I have NOD32.
"rob" - 2007-07-17 18:18:30 - ComboFix 07-07-14.6 - Service Pack 2 NTFS
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\video activex access
C:\Program Files\VirusProtectPro 3.3
C:\Program Files\VirusProtectPro 3.3\VirusProtectPro 3.3.exe
C:\UGA6P
C:\WINDOWS\system32\myqlejy.dll
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_FOPF
((((((((((((((((((((((((( Files Created from 2007-06-17 to 2007-07-17 )))))))))))))))))))))))))))))))
2007-07-17 18:18 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-15 21:18
2007-07-14 20:10
2007-07-12 18:49 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-07-12 18:48
2007-07-12 18:48
2007-07-09 20:26
2007-07-08 12:58
2007-07-08 12:57 262,144 --a------ C:\DOCUME~1\ALLUSE~1\ntuser.dat
2007-07-08 12:57
2007-07-08 12:07
2007-07-08 11:51 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-07-08 11:51 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-07-08 11:51 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-07-08 11:51 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-07-08 11:51
2007-07-08 11:10
2007-07-04 17:26
2007-07-02 22:54
2007-07-02 22:53
2007-07-01 20:34
2007-07-01 20:30
2007-07-01 01:34
2007-07-01 01:30 786,432 --ah----- C:\DOCUME~1\ROB~1.HOM\NTUSER.DAT
2007-07-01 01:24 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-01 00:01
2007-06-30 23:23
2007-06-30 23:21
2007-06-30 18:24 2,097,152 --a------ C:\DOCUME~1\rob\ntuser.dat
2007-06-30 11:15
2007-06-28 22:17
2007-06-28 22:16
2007-06-28 22:16
2007-06-28 19:25
2007-06-28 19:15
2007-06-28 19:15
2007-06-28 19:15
2007-06-28 19:15
2007-06-28 18:46 1,277 --a------ C:\WINDOWS\mozver.dat
2007-06-28 18:27
2007-06-28 18:16
2007-06-28 18:13
2007-06-28 17:36 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-06-28 17:36 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-06-28 17:36 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-06-28 17:36 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-06-28 17:36 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-06-28 17:36 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-06-28 17:35 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-06-28 17:35 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-06-28 00:09 884,736 --a------ C:\WINDOWS\system32\msimsg.dll
2007-06-28 00:09 78,848 --a------ C:\WINDOWS\system32\msiexec.exe
2007-06-28 00:09 271,360 --a------ C:\WINDOWS\system32\msihnd.dll
2007-06-28 00:09 2,854,400 --a------ C:\WINDOWS\system32\msi.dll
2007-06-28 00:09 15,360 --a------ C:\WINDOWS\system32\msisip.dll
2007-06-28 00:09
2007-06-28 00:09
2007-06-28 00:04
2007-06-28 00:01 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-06-28 00:01 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-06-28 00:01 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-06-28 00:00 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-06-28 00:00 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-06-28 00:00 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-06-28 00:00 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-06-28 00:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-06-28 00:00 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-06-28 00:00 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-06-28 00:00 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-06-28 00:00 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-06-28 00:00 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-06-28 00:00 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-06-28 00:00 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-06-27 23:59 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-06-27 23:59 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-06-27 23:59 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-06-27 23:59 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-06-27 23:59 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-06-27 23:59 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2007-06-27 23:59 136,960 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-06-27 23:58 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-06-27 23:57 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-06-27 23:57 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-06-27 23:57 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-06-27 23:57 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-06-27 23:57 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-06-27 23:57 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-06-27 23:57 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-06-27 23:57 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-06-27 23:57 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-06-27 23:57 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-06-27 23:57 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-06-27 23:57 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-06-27 23:57 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-06-27 23:57 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-06-27 23:57 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-06-27 23:57 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-06-27 23:57 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-06-27 23:57 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-06-27 23:57 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2004-07-22 09:51:34 3,432,656 -c--a-w C:\Program Files\ManagedDX.CAB
2004-07-19 21:58:36 1,156,363 -c--a-w C:\Program Files\BDANT.cab
2004-07-19 21:53:26 976,020 -c--a-w C:\Program Files\BDAXP.cab
2004-07-16 13:30:22 3,858 -c--a-w C:\Program Files\directx redist.txt
2004-07-09 13:17:16 13,265,040 -c--a-w C:\Program Files\dxnt.cab
2004-07-09 08:13:48 15,493,481 -c--a-w C:\Program Files\DirectX.cab
2004-07-09 08:13:46 703,080 -c--a-w C:\Program Files\BDA.cab
2004-07-09 03:08:36 472,576 -c--a-w C:\Program Files\dxsetup.exe
2004-07-09 03:08:34 2,242,560 -c--a-w C:\Program Files\dsetup32.dll
2004-07-09 02:03:10 62,976 -c--a-w C:\Program Files\DSETUP.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE~\Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2003-11-04 00:17 54248 --a------ C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE~\Browser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 16:23 C:\WINDOWS\RTHDCPL.EXE]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 17:43 C:\WINDOWS\ALCMTR.EXE]
"nwiz"="nwiz.exe" [2006-06-01 17:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 17:22 C:\WINDOWS\system32\nvmctray.dll]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-06-28 00:00]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 17:01]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2004-12-20 19:41]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-06-08 15:18]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 15:36]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-04-08 18:43]
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-17 18:20:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-17 18:21:17 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-17 18:21
--- E O F ---